author | Martin Willi <martin@strongswan.org> | 2006-09-05 14:07:25 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2006-09-05 14:07:25 +0000 |
commit | a655f5c09c2ba180b7d393dbdfc8b8057293d9ab (patch) | |
tree | e645a61c178ebcb932a56f09e4bdcca80b230431 /src/charon/queues/jobs | |
parent | da8ab11e918353293953636abea73f12bf8f956e (diff) | |
reuse reqid when a ROUTED child_sa gets INSTALLED
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
Diffstat (limited to 'src/charon/queues/jobs')
-rw-r--r-- | src/charon/queues/jobs/delete_established_ike_sa_job.c | 99 | ||||
-rw-r--r-- | src/charon/queues/jobs/delete_established_ike_sa_job.h | 62 | ||||
-rw-r--r-- | src/charon/queues/jobs/delete_half_open_ike_sa_job.c | 117 | ||||
-rw-r--r-- | src/charon/queues/jobs/delete_ike_sa_job.c | 136 | ||||
-rw-r--r-- | src/charon/queues/jobs/delete_ike_sa_job.h (renamed from src/charon/queues/jobs/delete_half_open_ike_sa_job.h) | 32 | ||||
-rw-r--r-- | src/charon/queues/jobs/incoming_packet_job.c | 1 | ||||
-rw-r--r-- | src/charon/queues/jobs/initiate_job.c | 9 | ||||
-rw-r--r-- | src/charon/queues/jobs/job.c | 3 | ||||
-rw-r--r-- | src/charon/queues/jobs/job.h | 19 | ||||
-rw-r--r-- | src/charon/queues/jobs/retransmit_request_job.c | 2 | ||||
-rw-r--r-- | src/charon/queues/jobs/route_job.c | 8 |
11 files changed, 171 insertions, 317 deletions
diff --git a/src/charon/queues/jobs/delete_established_ike_sa_job.c b/src/charon/queues/jobs/delete_established_ike_sa_job.c
deleted file mode 100644
index e5230e532..000000000
--- a/src/charon/queues/jobs/delete_established_ike_sa_job.c
+++ /dev/null
@@ -1,99 +0,0 @@ -/** - * @file delete_established_ike_sa_job.c - * - * @brief Implementation of delete_established_ike_sa_job_t. - * - */ - -/* - * Copyright (C) 2005-2006 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "delete_established_ike_sa_job.h" - -#include <daemon.h> - - -typedef struct private_delete_established_ike_sa_job_t private_delete_established_ike_sa_job_t; - -/** - * Private data of an delete_established_ike_sa_job_t object. - */ -struct private_delete_established_ike_sa_job_t { - /** - * Public delete_established_ike_sa_job_t interface. - */ - delete_established_ike_sa_job_t public; - - /** - * ID of the ike_sa to delete. - */ - ike_sa_id_t *ike_sa_id; - - /** - * Logger ref - */ - logger_t *logger; -}; - -/** - * Implementation of job_t.get_type. - */ -static job_type_t get_type(private_delete_established_ike_sa_job_t *this) -{ - return DELETE_ESTABLISHED_IKE_SA; -} - - -/** - * Implementation of job_t.execute. - */ -static status_t execute(private_delete_established_ike_sa_job_t *this) -{ - if (charon->ike_sa_manager->delete(charon->ike_sa_manager, - this->ike_sa_id) != SUCCESS) - { - this->logger->log(this->logger, ERROR|LEVEL1, "IKE SA didn't exist anymore"); - } - return DESTROY_ME; -} - -/** - * Implementation of job_t.destroy. 
- */ -static void destroy(private_delete_established_ike_sa_job_t *this) -{ - this->ike_sa_id->destroy(this->ike_sa_id); - free(this); -} - -/* - * Described in header - */ -delete_established_ike_sa_job_t *delete_established_ike_sa_job_create(ike_sa_id_t *ike_sa_id) -{ - private_delete_established_ike_sa_job_t *this = malloc_thing(private_delete_established_ike_sa_job_t); - - /* interface functions */ - this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type; - this->public.job_interface.execute = (status_t (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - - /* private variables */ - this->ike_sa_id = ike_sa_id->clone(ike_sa_id); - this->logger = logger_manager->get_logger(logger_manager, WORKER); - - return &(this->public); -} diff --git a/src/charon/queues/jobs/delete_established_ike_sa_job.h b/src/charon/queues/jobs/delete_established_ike_sa_job.h deleted file mode 100644 index 9f04c7846..000000000 --- a/src/charon/queues/jobs/delete_established_ike_sa_job.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/** - * @file delete_established_ike_sa_job.h - * - * @brief Interface of delete_established_ike_sa_job_t. - * - */ - -/* - * Copyright (C) 2005-2006 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef DELETE_ESTABLISHED_IKE_SA_JOB_H_ -#define DELETE_ESTABLISHED_IKE_SA_JOB_H_ - -#include <types.h> -#include <sa/ike_sa_id.h> -#include <queues/jobs/job.h> - - -typedef struct delete_established_ike_sa_job_t delete_established_ike_sa_job_t; - -/** - * @brief Class representing an DELETE_ESTABLISHED_IKE_SA Job. - * - * This job initiates the deletion of an IKE_SA. The SA - * to delete is specified via an ike_sa_id_t. - * - * @b Constructors: - * - delete_established_ike_sa_job_create() - * - * @ingroup jobs - */ -struct delete_established_ike_sa_job_t { - /** - * The job_t interface. - */ - job_t job_interface; -}; - -/** - * @brief Creates a job of type DELETE_ESTABLISHED_IKE_SA. - * - * @param ike_sa_id id of the IKE_SA to delete - * @return delete_established_ike_sa_job_t object - * - * @ingroup jobs - */ -delete_established_ike_sa_job_t *delete_established_ike_sa_job_create(ike_sa_id_t *ike_sa_id); - -#endif /*DELETE_ESTABLISHED_IKE_SA_JOB_H_*/ diff --git a/src/charon/queues/jobs/delete_half_open_ike_sa_job.c b/src/charon/queues/jobs/delete_half_open_ike_sa_job.c deleted file mode 100644 index 7b79480bf..000000000 
--- a/src/charon/queues/jobs/delete_half_open_ike_sa_job.c
+++ /dev/null
@@ -1,117 +0,0 @@ -/** - * @file delete_half_open_ike_sa_job.c - * - * @brief Implementation of delete_half_open_ike_sa_job_t. - * - */ - -/* - * Copyright (C) 2005-2006 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "delete_half_open_ike_sa_job.h" - -#include <daemon.h> - -typedef struct private_delete_half_open_ike_sa_job_t private_delete_half_open_ike_sa_job_t; - -/** - * Private data of an delete_half_open_ike_sa_job_t Object - */ -struct private_delete_half_open_ike_sa_job_t { - /** - * public delete_half_open_ike_sa_job_t interface - */ - delete_half_open_ike_sa_job_t public; - - /** - * ID of the ike_sa to delete - */ - ike_sa_id_t *ike_sa_id; - - /** - * logger ref - */ - logger_t *logger; -}; - -/** - * Implements job_t.get_type. - */ -static job_type_t get_type(private_delete_half_open_ike_sa_job_t *this) -{ - return DELETE_HALF_OPEN_IKE_SA; -} - -/** - * Implementation of job_t.execute. 
- */ -static status_t execute(private_delete_half_open_ike_sa_job_t *this) -{ - ike_sa_t *ike_sa; - - ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); - if (ike_sa == NULL) - { - /* hm, somebody was faster ;-) */ - return DESTROY_ME; - } - - switch (ike_sa->get_state(ike_sa)) - { - case IKE_ESTABLISHED: - { - /* IKE_SA is established and so is not getting destroyed */ - charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); - return DESTROY_ME; - } - default: - { - /* IKE_SA is half open and gets destroyed */ - this->logger->log(this->logger, AUDIT, - "deleting half open IKE_SA after timeout"); - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); - return DESTROY_ME; - } - } -} - -/** - * Implements job_t.destroy. - */ -static void destroy(private_delete_half_open_ike_sa_job_t *this) -{ - this->ike_sa_id->destroy(this->ike_sa_id); - free(this); -} - -/* - * Described in header - */ -delete_half_open_ike_sa_job_t *delete_half_open_ike_sa_job_create(ike_sa_id_t *ike_sa_id) -{ - private_delete_half_open_ike_sa_job_t *this = malloc_thing(private_delete_half_open_ike_sa_job_t); - - /* interface functions */ - this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type; - this->public.job_interface.execute = (status_t (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*)(job_t *)) destroy;; - - /* private variables */ - this->ike_sa_id = ike_sa_id->clone(ike_sa_id); - this->logger = logger_manager->get_logger(logger_manager, WORKER); - - return &(this->public); -} diff --git a/src/charon/queues/jobs/delete_ike_sa_job.c b/src/charon/queues/jobs/delete_ike_sa_job.c new file mode 100644 index 000000000..e2a861757 --- /dev/null +++ b/src/charon/queues/jobs/delete_ike_sa_job.c 
@@ -0,0 +1,136 @@
+/**
+ * @file delete_ike_sa_job.c
+ *
+ * @brief Implementation of delete_ike_sa_job_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "delete_ike_sa_job.h"
+
+#include <daemon.h>
+
+typedef struct private_delete_ike_sa_job_t private_delete_ike_sa_job_t;
+
+/**
+ * Private data of an delete_ike_sa_job_t Object
+ */
+struct private_delete_ike_sa_job_t {
+ /**
+ * public delete_ike_sa_job_t interface
+ */
+ delete_ike_sa_job_t public;
+
+ /**
+ * ID of the ike_sa to delete
+ */
+ ike_sa_id_t *ike_sa_id;
+
+ /**
+ * Should the IKE_SA be deleted if it is in ESTABLISHED state?
+ */
+ bool delete_if_established;
+
+ /**
+ * logger ref
+ */
+ logger_t *logger;
+};
+
+/**
+ * Implements job_t.get_type.
+ */
+static job_type_t get_type(private_delete_ike_sa_job_t *this)
+{
+ return DELETE_IKE_SA;
+}
+
+/**
+ * Implementation of job_t.execute.
+ */
+static status_t execute(private_delete_ike_sa_job_t *this)
+{
+ ike_sa_t *ike_sa;
+
+ if (this->delete_if_established)
+ {
+ if (charon->ike_sa_manager->delete(charon->ike_sa_manager,
+ this->ike_sa_id) != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR|LEVEL1, "IKE SA didn't exist anymore");
+ }
+ return DESTROY_ME;
+ }
+ else
+ {
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id);
+ if (ike_sa == NULL)
+ {
+ /* hm, somebody was faster ;-) */
+ return DESTROY_ME;
+ }
+
+ switch (ike_sa->get_state(ike_sa))
+ {
+ case IKE_ESTABLISHED:
+ {
+ /* IKE_SA is established and so is not getting destroyed */
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ return DESTROY_ME;
+ }
+ default:
+ {
+ /* IKE_SA is half open and gets destroyed */
+ this->logger->log(this->logger, AUDIT,
+ "deleting half open IKE_SA after timeout");
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
+ return DESTROY_ME;
+ }
+ }
+ }
+}
+
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_delete_ike_sa_job_t *this)
+{
+ this->ike_sa_id->destroy(this->ike_sa_id);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id,
+ bool delete_if_established)
+{
+ private_delete_ike_sa_job_t *this = malloc_thing(private_delete_ike_sa_job_t);
+
+ /* interface functions */
+ this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
+ this->public.job_interface.execute = (status_t (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;
+
+ /* private variables */
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+ this->delete_if_established = delete_if_established;
+ this->logger = logger_manager->get_logger(logger_manager, WORKER);
+
+ return &(this->public);
+}
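Review bot: The `default:` arm in execute() destroys the IKE_SA in every state other than IKE_ESTABLISHED, although its comment and the AUDIT message describe it as half open. If the state enum has, or later gains, states that follow establishment (the enum is not visible on this page), a half-open timeout job that fires late would tear down an SA it was never meant to reap. I would list the half-open states as explicit `case` labels and let `default:` check the SA back in, i.e. `default: charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); return DESTROY_ME;`. The AUDIT line also identifies no SA or peer, so a line such as `/* TODO: include the IKE_SA id / peer in the audit message */` above the log call would record that the timeout cannot currently be correlated with a specific peer in the logs.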
diff --git a/src/charon/queues/jobs/delete_half_open_ike_sa_job.h b/src/charon/queues/jobs/delete_ike_sa_job.h index 3f11d1aac..8ef68b1c6 100644 --- a/src/charon/queues/jobs/delete_half_open_ike_sa_job.h +++ b/src/charon/queues/jobs/delete_ike_sa_job.h @@ -1,7 +1,7 @@ /** - * @file delete_half_open_ike_sa_job.h + * @file delete_ike_sa_job.h * - * @brief Interface of delete_half_open_ike_sa_job_t. + * @brief Interface of delete_ike_sa_job_t. * */ @@ -21,29 +21,29 @@ * for more details. */ -#ifndef DELETE_HALF_OPEN_IKE_SA_JOB_H_ -#define DELETE_HALF_OPEN_IKE_SA_JOB_H_ +#ifndef DELETE_IKE_SA_JOB_H_ +#define DELETE_IKE_SA_JOB_H_ #include <types.h> #include <sa/ike_sa_id.h> #include <queues/jobs/job.h> -typedef struct delete_half_open_ike_sa_job_t delete_half_open_ike_sa_job_t; +typedef struct delete_ike_sa_job_t delete_ike_sa_job_t; /** - * @brief Class representing an DELETE_HALF_OPEN_IKE_SA Job. + * @brief Class representing an DELETE_IKE_SA Job. * - * This job is responsible for deleting of half open IKE_SAs. A half - * open IKE_SA is every IKE_SA which hasn't reache the SA_ESTABLISHED + * This job is responsible for deleting established or half open IKE_SAs. + * A half open IKE_SA is every IKE_SA which hasn't reache the SA_ESTABLISHED * state. * * @b Constructors: - * - delete_half_open_ike_sa_job_create() + * - delete_ike_sa_job_create() * * @ingroup jobs */ -struct delete_half_open_ike_sa_job_t { +struct delete_ike_sa_job_t { /** * The job_t interface. 
@@ -52,13 +52,15 @@ struct delete_half_open_ike_sa_job_t { }; /** - * @brief Creates a job of type DELETE_HALF_OPEN_IKE_SA. + * @brief Creates a job of type DELETE_IKE_SA. * - * @param ike_sa_id id of the IKE_SA to delete - * @return created delete_half_open_ike_sa_job_t object + * @param ike_sa_id id of the IKE_SA to delete + * @param delete_if_established should the IKE_SA be deleted if it is established? + * @return created delete_ike_sa_job_t object * * @ingroup jobs */ -delete_half_open_ike_sa_job_t *delete_half_open_ike_sa_job_create(ike_sa_id_t *ike_sa_id); +delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id, + bool delete_if_established); -#endif /* DELETE_HALF_OPEN_IKE_SA_JOB_H_ */ +#endif /* DELETE_IKE_SA_JOB_H_ */ diff --git a/src/charon/queues/jobs/incoming_packet_job.c b/src/charon/queues/jobs/incoming_packet_job.c index 81e0366c8..f773a57f4 100644 --- a/src/charon/queues/jobs/incoming_packet_job.c +++ b/src/charon/queues/jobs/incoming_packet_job.c @@ -25,7 +25,6 @@ #include "incoming_packet_job.h" #include <daemon.h> -#include <queues/jobs/delete_half_open_ike_sa_job.h> typedef struct private_incoming_packet_job_t private_incoming_packet_job_t; diff --git a/src/charon/queues/jobs/initiate_job.c b/src/charon/queues/jobs/initiate_job.c index 4b5b704ae..00c4ef32e 100644 --- a/src/charon/queues/jobs/initiate_job.c +++ b/src/charon/queues/jobs/initiate_job.c @@ -27,7 +27,6 @@ #include "initiate_job.h" #include <daemon.h> -#include <queues/jobs/delete_half_open_ike_sa_job.h> typedef struct private_initiate_job_t private_initiate_job_t; 
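Review bot: The `@param delete_if_established` text in delete_ike_sa_job.h does not say what the job does when the flag is FALSE, and callers only see this header. From delete_ike_sa_job.c in the same commit, TRUE calls `ike_sa_manager->delete()` on the id without looking at the state, while FALSE leaves an ESTABLISHED IKE_SA alone and destroys any other via `checkin_and_destroy()`. I would document both modes, for example `@param delete_if_established TRUE to delete the IKE_SA in any state, FALSE to destroy it only if it is not ESTABLISHED`. The class comment in the first hunk of this file still reads `hasn't reache`, where `reached` is meant.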
@@ -71,9 +70,11 @@ static status_t execute(private_initiate_job_t *this) { ike_sa_t *ike_sa; - ike_sa = charon->ike_sa_manager->checkout_by_ids(charon->ike_sa_manager, - this->policy->get_my_id(this->policy), - this->policy->get_other_id(this->policy)); + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + this->connection->get_my_host(this->connection), + this->connection->get_other_host(this->connection), + this->policy->get_my_id(this->policy), + this->policy->get_other_id(this->policy)); this->connection->get_ref(this->connection); this->policy->get_ref(this->policy); diff --git a/src/charon/queues/jobs/job.c b/src/charon/queues/jobs/job.c index f99ea14c1..fe9127a75 100644 --- a/src/charon/queues/jobs/job.c +++ b/src/charon/queues/jobs/job.c @@ -31,8 +31,7 @@ mapping_t job_type_m[] = { {INITIATE, "INITIATE"}, {ROUTE, "ROUTE"}, {ACQUIRE, "ACQUIRE"}, - {DELETE_ESTABLISHED_IKE_SA, "DELETE_ESTABLISHED_IKE_SA"}, - {DELETE_HALF_OPEN_IKE_SA, "DELETE_HALF_OPEN_IKE_SA"}, + {DELETE_IKE_SA, "DELETE_IKE_SA"}, {DELETE_CHILD_SA, "DELETE_CHILD_SA"}, {REKEY_CHILD_SA, "REKEY_CHILD_SA"}, {REKEY_IKE_SA, "REKEY_IKE_SA"}, diff --git a/src/charon/queues/jobs/job.h b/src/charon/queues/jobs/job.h index d1b0a5c82..879b9ab12 100644 --- a/src/charon/queues/jobs/job.h +++ b/src/charon/queues/jobs/job.h 
@@ -72,35 +72,28 @@ enum job_type_t { ACQUIRE, /** - * Delete an ike sa which is still not established. + * Delete an IKE_SA. * - * Job is implemented in class delete_half_open_ike_sa_job_t + * Job is implemented in class delete_ike_sa_job_t */ - DELETE_HALF_OPEN_IKE_SA, - - /** - * Delete an ike sa which is established. - * - * Job is implemented in class delete_established_ike_sa_job_t - */ - DELETE_ESTABLISHED_IKE_SA, + DELETE_IKE_SA, /** - * Delete a child sa. + * Delete a CHILD_SA. * * Job is implemented in class delete_child_sa_job_t */ DELETE_CHILD_SA, /** - * Rekey a child sa. + * Rekey a CHILD_SA. * * Job is implemented in class rekey_child_sa_job_t */ REKEY_CHILD_SA, /** - * Rekey an IKE_SA + * Rekey an IKE_SA. * * Job is implemented in class rekey_ike_sa_job_t */ diff --git a/src/charon/queues/jobs/retransmit_request_job.c b/src/charon/queues/jobs/retransmit_request_job.c index 6a533ec7a..494897e41 100644 --- a/src/charon/queues/jobs/retransmit_request_job.c +++ b/src/charon/queues/jobs/retransmit_request_job.c @@ -66,7 +66,7 @@ static job_type_t get_type(private_retransmit_request_job_t *this) static status_t execute(private_retransmit_request_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa == NULL) { diff --git a/src/charon/queues/jobs/route_job.c b/src/charon/queues/jobs/route_job.c index ae773afdf..b60f117d7 100644 --- a/src/charon/queues/jobs/route_job.c +++ b/src/charon/queues/jobs/route_job.c 
@@ -74,9 +74,11 @@ static status_t execute(private_route_job_t *this) { ike_sa_t *ike_sa; - ike_sa = charon->ike_sa_manager->checkout_by_ids(charon->ike_sa_manager, - this->policy->get_my_id(this->policy), - this->policy->get_other_id(this->policy)); + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + this->connection->get_my_host(this->connection), + this->connection->get_other_host(this->connection), + this->policy->get_my_id(this->policy), + this->policy->get_other_id(this->policy)); if (this->route) { if (ike_sa->route(ike_sa, this->connection, this->policy) != SUCCESS) |
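Review bot: `ike_sa->route(...)` is called on the result of `checkout_by_id()` with nothing between the two that checks for NULL. The other jobs on this page test `ike_sa == NULL` after `checkout()`; whether `checkout_by_id()` always hands back an IKE_SA (for instance by creating one when nothing matches) is not visible here. Either add `if (ike_sa == NULL) { return DESTROY_ME; }` ahead of `if (this->route)`, or state in a comment that the manager never returns NULL from this call. Since the lookup now also keys on the connection's hosts, the no-match path is presumably taken more often than before, which makes it worth pinning down. initiate_job.c makes the same call and uses the result outside its hunk, and execute() here also continues past the end of this hunk.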